Summary

Experienced Information Security Executive with extensive experience in building and managing high performance InfoSec teams Security Operations, Incident Response, eDiscovery, GRC, Architect Engineering, Security Analytics . Results oriented leader that provides Finance and Management practical security solutions. Problem solver wh understands the financial importance of bridging business operations and IT Security objectives. Experienced speaker and motivator wh is comfortable working with both decision makers and general audiences.

Summary of Career Accomplishments

• Hired t create Cyber Security/Information Security Department for Hittite Microwave Corporation NASDQ: HITT - 300M Revenue/ 2B Market Cap .
• Oversaw Information Security operations for 13 locations worldwide. Environments included approx. 1000 machines MS Windows Servers, RHEL Servers, MS Win7, MS XP, CentOS, Mac plus corporate and BYOD mobile devices.
• Responsible for creating corporate cyber security posture, assessing immediate and long-term needs, creating policies and procedures regarding InfoSec and event response, working with IT team on best practices regarding security, and determining hiring needs.
• Created and managed an operating budget for capital expenses. Identified and prioritized needs based on funding availability and finance department recommendations. Worked closely with IT t evaluate needs and align projects t reduce costs and increase ROI.
• Implemented major cyber security initiative, including launching more than 6 InfoSec tools policies in 6 months across 13 sites globally. Introduced IT Compliance Governance GRC t environment. Created awareness program and tracked FCPA investigations for internal education and competitive intelligence.
• Managed 3rd party vendors, security audits, training.
• Scheduled Emergency travel for IT Security implementation, training, incident response, remediation.
• Internal consulting with Hittite executives teams on proper handling of ITAR and EAR99 data.
• Data analysis presentation preparation on company security posture for Board of Directors.
• Launched IT consulting firm 2001 . Shifted IT consulting firm t Digital Forensics Cyber Security consulting firm. Re-branded firm as The Lorenzi Group in 2007. Ran firm for 13 years.
• Responsible for hiring, training, and termination of employees. Held weekly executive team 4 meetings as well as weekly conference call for all employees 13 .
• Managed business operations, expanded brand, and delivered high-quality services. Worked with clients of all sizes and industries on cyber event remediation, litigation support, and prevention. Worked on hundreds of matters, managed vendors, clients, legal counsel, provided court evidence testimony.
• Built team t manage digital forensics and eDiscovery projects.
• Developed proactive data monitoring solution, creating subscription-based offering.
• Expanded service offerings t cyber security consulting, auditing.
• Managed multiple Fortune 500 Top 100 Private eDiscovery matters. Managed nation-wide and Global multi-site collection of electronic evidence. Worked with legal counsel t analyze data, produce findings, and prepare for trial.
• International presenter on technology security matters and concepts. Cyber security expert for Fox25 Boston TV. Frequent go-t resource for journalists and reporters on matters of cyber security and online safety.

Typical Environments Worked In

Financial Institutions, Insurance, Healthcare Support Services, Professional Services including Legal Accounting , Medical Practices, Hospitals, High-Tech, Telecom, Defense Contractors, Pharmaceutical, Printing Services, Food Processing, Utilities, Public Private Education, Higher Education, and many more.

Professional Experience

Senior Manager of Information Security Operations

Business Operations

• Managed a team of SOC Analysts, InfoSec Engineers, and Security and GRC Consultants
• Oversaw Cyber Attack Analysis, Malware Analysis, Incident Response
• Developed and built InfoSec team regarding size, technical, and professional skills
• Worked extensively with Internal Audit and Controls Team t ensure and validate regulatory compliance
• Collaborated with internal teams t build secure solutions that met organizational needs
• Advised Supported team on Incident Response events, day-today SIEM management, security consulting advice
• Worked with technical teams t ensure proper execution of technology solutions
• Responsible for developing Incident Response Reports for Executive Management
• Managed relationships with partners and vendors

Financial Operations

• Developed the Annual InfoSec Capital Expenditure CapEx Plan
• Developed the Annual InfoSec Operations Expenditure OpEx Plan
• Managed Approved team expenses
• Provided budget guidance t management
• Worked with management and team t streamline processes and reduce expenses

Confidential

Senior Information Security Professional

Business Operations

• Work with Dir. of IT Network Systems t develop Cyber Security Strategy Implementation Plan
• Work with members of Management Team on Cyber-Security training, Strategy, Operations
• Develop Manage Cyber Security Due Diligence for Acquisition Targets
• Work with team t assess needs and develop solutions
• Responsible for Monthly IT Security Newsletter Internal , Incident Response, Forensics
• Worked with IT team t implement software license management platform
• Provided detailed information on InfoSec strategy, posture, and vulnerabilities for Analog Devices acquisition
• Assisted in merging InfoSec operations during Analog Devices transition post acquisition

Financial Operations

• Created Annual Budget for Capital Expenditures of InfoSec/GRC/Forensics tools equipment
• Created year-long project plan for tool roll-out
• Worked with vendors t negotiate best pricing and delivery schedules
• Created Capital Equipment budget and project plan for InfoSec build-out of acquisitions targets

Technical Operations

• Assisted in technical cross-over from Hittite operations t Analog Devices operations
• Created implemented metrics for infections, attacks, and events
• Installed Configured Symantec Endpoint Manger SEP Clients via SEPM
• Tested, purchased, Installed, Configured SPLUNK Enterprise SIEM/Continuous Monitoring Software
• Tested, Installed, Configured Pal Alt 3020 500 Firewalls
• Configured Wireless Certification for mobile devices using Cisc WLC, MS Active Directory, MS Radius Server
• Installed Deployed Bit9 Software, manage ongoing configuration of solution as new software tools are introduced t environment
• Built Forensic lab
• Forensic preservation of employee computers and mobile devices
• Daily/Weekly review of Firewall Network activity
• Managed Trial and Deployment of Kanguru Encrypted storage devices across Global Enterprise
• Managed Weekly US-Cert Vulnerability alerts

Founding Consultant President

Business Operations

• Participated in Local, National, International conferences and speaking events
• Worked with PR Marketing teams t gain local and national brand exposure
• Expanded service offerings both horizontally and vertically more tools, broader scope
• Oversaw Managed contract negotiations with clients, vendors, partners
• Managed team of 13, including 4 on the executive team
• Direct P L responsibility for all aspects of business, including payroll, operations, R D, new ventures

Digital Forensics eDiscovery Services

• Advised legal counsel on technology issues
• Expert witness at multiple court hearings
• Analysis Review of Spyware, Malware, Intrusions, Hacking events
• Analyzed petabytes of data, identifying deleted/destroyed information, partials, lost filenames, last accessed and printed files, emails, documents, pictures, instant message chats, and other digital information
• Public and discreet on-site/off-site collections forensic imaging utilizing multiple devices, managing multiple media formats simultaneously
• Built and maintained a full-service Digital Forensics lab complete with government accepted hardware and software and forensic management policies

Cyber Security, Continuous Monitoring, Security Analytics Services

• Developed commercially viable data security SaaS solution
• Identified and expanded market need for Continuous Monitoring Security Analytics
• Modularized SaaS service offering t meet client needs and monetize new service offerings
• Network scans for network vulnerabilities intrusion vulnerabilities
• Developed policies and procedures for corporate-wide data security program
• Used analytics t predictively identify network threats and risks

Other Professional Experience:

Technical Expertise:

Digital Forensics Experience:

IT InfoSec Hardware Software

MS Windows 2003/2008r2/2012r2, MS Exchange, MS SQL, MS Hyper-V, Cisc ASA Firewalls, Pal Alt Network Firewalls, Sonicwall Firewalls, RSA Authentication Manager Tokens, Bit9 Parity, Symantec Endpoint Manager, Symantec PGP, Sophos A/V, Malwarebytes, Kanguru Encrypted portable drives, Cisc Wireless LAN Controllers Access Points, MS Server RADIUS servers for WiFi Security Certificates, SPLUNK, PaperCut, SpectorSoft Spector360, NetLogic NetFlows, ClearApps, SpiceWorks, Bit9, SourceFire, Ironport, FireBind, Aruba,

Digital Forensics, eDiscovery, Vulnerability Assessment, Penetration Testing, Cyber Security Tools

Tableau WriteBlock Drive Readers, VOOM Technology Hard Copy II, Hard Copy III, Access Data FTK, Access Data MPE, AccessData Cerberus, ASR Data SMART for Linux, Blackbag Technologies, Paraben P3 Software Suite, Paraben Cell Seizure/Mobile Device Capture Kit, Helix, PTK, CRW, Network Stumbler, Wireshark, CacheBack, Internet Evidence Finder, NUIX, USB Forensics, BKF Forensics, RegRipper, Nessus Tenable , NMAP, Firebind, NetReg, Metasploit, Solarwinds Orion, Qualys, Firebind, SNORT, Splunk, SecurityOnion, Lantern 4 Katana Forensics , F-Response, Elcomsoft PPBP

Litigation Expert Witness

Significant litigation support experience and expert witness testimony, depositions, and affidavits Detailed information available upon request

Presentations, Media Appearances, Journalism Quotes, Interviews, Articles Written

Available upon request